Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1177262AbdDYJGa (ORCPT ); Tue, 25 Apr 2017 05:06:30 -0400 Received: from bombadil.infradead.org ([65.50.211.133]:38019 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965460AbdDYJGW (ORCPT ); Tue, 25 Apr 2017 05:06:22 -0400 Date: Tue, 25 Apr 2017 11:05:58 +0200 From: Peter Zijlstra To: Kees Cook Cc: PaX Team , LKML , Eric Biggers , Christoph Hellwig , "axboe@kernel.dk" , James Bottomley , Elena Reshetova , Hans Liljestrand , David Windsor , "x86@kernel.org" , Ingo Molnar , Arnd Bergmann , Greg Kroah-Hartman , Jann Horn , "David S. Miller" , linux-arch , "kernel-hardening@lists.openwall.com" Subject: Re: [PATCH] x86/refcount: Implement fast refcount_t handling Message-ID: <20170425090558.vi4ihaqedlmph7va@hirez.programming.kicks-ass.net> References: <20170421220939.GA65363@beast> <58FDF8C4.5120.17D092B7@pageexec.freemail.hu> <20170424133323.cf3xyd3mmwp6ixaz@hirez.programming.kicks-ass.net> <58FE1687.5511.1844D4FC@pageexec.freemail.hu> <20170424220128.j7nnhuohqdqbiki7@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 671 Lines: 15 On Mon, Apr 24, 2017 at 03:37:32PM -0700, Kees Cook wrote: > On Mon, Apr 24, 2017 at 3:01 PM, Peter Zijlstra wrote: > > It does not. It just got free'ed. Nothing will stop the free from > > happening (or already having happened). > > Well, yes, but that's kind of my point. Detecting inc-from-0 is "too > late" to offer a protection. It offers notification of a bug, rather > than stopping an exploit from happening. Well, your setup (panic_on_warn et al) would have it panic the box. That will effectively stop the exploit by virtue of stopping everything. And warn/bug/panic etc.. are I think a better option that silently letting it happen.